Provisioning user accounts

The User Management panel is the central administrative hub for WarehousePG Enterprise Manager (WEM). Use these actions to oversee account security, define permission tiers, and configure system-wide integration settings.

Managing the user lifecycle

Use the Users tab to monitor account status and provision new access credentials.

• Monitor account security: Check the header metrics for locked accounts. A non-zero value indicates that users have exceeded the failed login threshold, requiring you to investigate potential security incidents or assist users with password resets.
• Provision new users: Select the Add User button to create a new identity. Use the Map to Existing PG User feature to either link the account to an existing database role (like gpadmin) or automatically provision a new database identity that matches the WEM username.
• Enforce security policies: When editing a user, use the Active toggle bar to revoke access immediately without deleting the account's history.
• Audit administrative overhead: Regularly review the Admin Users count in the header. Keeping the number of high-privileged accounts to a minimum is a core security best practice.

Defining role-based Access

Use the Roles and Permissions tabs to control what your team can see and do within the platform.

• Leverage system roles: Assign users to one of the three built-in tiers:

  • Admin: Full system control.
  • Operator: Operational dashboard access, including query management and cancellation.
  • Viewer: Read-only access to metrics and logs. Refer to the Role permissions matrix for details.

• Customize module visibility: Use the Permissions tab to toggle the visibility of specific tabs for each role. This allows you to simplify the interface for viewers or restrict sensitive configuration pages to admins only.

• Restore factory defaults: If permissions become misconfigured, use the reset defaults button to instantly revert the RBAC matrix to the factory-recommended secure state for all roles.

Auditing and security forensics

Use the Audit Log tab to maintain a chronological record of every administrative action performed in the system.

• Investigate authentication patterns: Filter by Failed Login to identify potential brute-force attempts. Use the Login and Logout events to verify user activity during specific incident windows.
• Track configuration changes: Review the Update User and Create User actions to see who modified roles or security flags. This provides accountability for all changes made to your access control layer.

Configuring system settings

Use the Settings tab to perform configuration changes to your existing WEM installation.

• Establish the database backbone: Configure the WHPG database connection with your coordinator host and credentials.

• Integrate observability tools: Input your Prometheus and Loki URLs to enable real-time metric graphs and integrated log streaming. If these fields are left empty, the corresponding tabs in the dashboard will remain disabled.
• Tune query telemetry: Adjust the Log Min Duration Statement to define what constitutes a slow query in milliseconds. This setting directly controls which queries are captured for performance analysis.

Scheduling proactive health checks

Use the Canary Checks tab to define automated probes that verify the end-to-end integrity of your cluster.

• Set up connectivity probes: Create a Connectivity check to verify that the database is accepting new session requests.
• Measure custom sql performance: Use the Query type to run specific SQL statements (e.g., SELECT count(*) FROM sales;) at set intervals. Define warning and critical latency thresholds to trigger alerts if performance degrades.
• Verify infrastructure health: Configure Segment Health and Replication checks to monitor for hardware failures or synchronization lag between primary and mirror segments.